[VOIPSEC] maybe vulnerability at sjphone
Diana Cionoiu
diana-liste at voip.null.ro
Wed Dec 5 05:10:40 CST 2007
Hi Sharon,
But this doesn't really help since you can only do that if you are a man
in the middle, and if you are a man in the middle you can
replace the RTP anyway.
Anyway this kind of behavior is normal because all those SIP fans
believe that RTP should come from anywhere and it should go to anywhere.
Diana
Sharon Laiv wrote:
> hi all,
>
> I just did the following experiment:
> I did a regular SIP call between 2 SJPhones (latest release), lets say from IP A to IP B.
>
> While in a call, I stopped sending RTP from B to A.
> Then I started sending RTP from C to A (C is not known to A and was no part of the signaling at all...).
>
> as a result, A started to get and render the RTP stream from C and changed it's RTP stream to C!!!
>
> So without no difficulty I I have stolen the strem from A to B....
> ( I guess this is a symmetric RTP like feature that is aimed to help the crossing of NATs)
>
> any comments?
>
>
>
> Thanks,
> Sharon
>
>
> ____________________________________________________________________________________
> Get easy, one-click access to your favorites.
> Make Yahoo! your homepage.
> http://www.yahoo.com/r/hs
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
More information about the Voipsec
mailing list